Merge pull request #1246 from ae-utbm/club-sale

use FilterSchema for club sales view

club/forms.py

@@ -37,6 +37,7 @@ from core.views.widgets.ajax_select import (
     AutoCompleteSelectUser,
 )
 from counter.models import Counter, Selling
+from counter.schemas import SaleFilterSchema
 
 
 class ClubEditForm(forms.ModelForm):
@@ -191,6 +192,18 @@ class SellingsForm(forms.Form):
             required=False,
         )
 
+    def to_filter_schema(self) -> SaleFilterSchema:
+        products = (
+            *self.cleaned_data["products"],
+            *self.cleaned_data["archived_products"],
+        )
+        return SaleFilterSchema(
+            after=self.cleaned_data["begin_date"],
+            before=self.cleaned_data["end_date"],
+            counters={c.id for c in self.cleaned_data["counters"]} or None,
+            products={p.id for p in products} or None,
+        )
+
 
 class ClubOldMemberForm(forms.Form):
     members_old = forms.ModelMultipleChoiceField(

club/templates/club/page_history.jinja

@@ -1,12 +1,8 @@
 {% extends "core/base.jinja" %}
-{% from 'core/macros_pages.jinja' import page_history %}
+{% from 'core/page/macros.jinja' import page_history %}
 
 {% block content %}
-  {% if club.page %}
+  {{ page_history(club.page) }}
-    {{ page_history(club.page) }}
-  {% else %}
-    {% trans %}No page existing for this club{% endtrans %}
-  {% endif %}
 {% endblock %}
 
 

club/templates/club/pagerev_edit.jinja

@@ -1,8 +1,12 @@
 {% extends "core/base.jinja" %}
-{% from 'core/macros_pages.jinja' import page_edit_form %}
 
 {% block content %}
-  {{ page_edit_form(page, form, url('club:club_edit_page', club_id=page.club.id), csrf_token) }}
+  <h2>{% trans %}Edit page{% endtrans %}</h2>
+  <form action="{{ url('club:club_edit_page', club_id=page.club.id) }}" method="post">
+    {% csrf_token %}
+    {{ form.as_p() }}
+    <p><input type="submit" value="{% trans %}Save{% endtrans %}" /></p>
+  </form>
 {% endblock %}
 
 

club/tests/test_page.py

@@ -3,9 +3,10 @@ from bs4 import BeautifulSoup
 from django.test import Client
 from django.urls import reverse
 from model_bakery import baker
-from pytest_django.asserts import assertHTMLEqual
+from pytest_django.asserts import assertHTMLEqual, assertRedirects
 
-from club.models import Club
+from club.models import Club, Membership
+from core.baker_recipes import subscriber_user
 from core.markdown import markdown
 from core.models import PageRev, User
 
@@ -16,7 +17,6 @@ def test_page_display_on_club_main_page(client: Client):
     club = baker.make(Club)
     content = "# foo\nLorem ipsum dolor sit amet"
     baker.make(PageRev, page=club.page, revision=1, content=content)
-    client.force_login(baker.make(User))
     res = client.get(reverse("club:club_view", kwargs={"club_id": club.id}))
 
     assert res.status_code == 200
@@ -30,10 +30,42 @@ def test_club_main_page_without_content(client: Client):
     """Test the club view works, even if the club page is empty"""
     club = baker.make(Club)
     club.page.revisions.all().delete()
-    client.force_login(baker.make(User))
     res = client.get(reverse("club:club_view", kwargs={"club_id": club.id}))
 
     assert res.status_code == 200
     soup = BeautifulSoup(res.text, "lxml")
     detail_html = soup.find(id="club_detail")
     assert detail_html.find_all("markdown") == []
+
+
+@pytest.mark.django_db
+def test_page_revision(client: Client):
+    club = baker.make(Club)
+    revisions = baker.make(
+        PageRev, page=club.page, _quantity=3, content=iter(["foo", "bar", "baz"])
+    )
+    client.force_login(baker.make(User))
+    url = reverse(
+        "club:club_view_rev", kwargs={"club_id": club.id, "rev_id": revisions[1].id}
+    )
+    res = client.get(url)
+    assert res.status_code == 200
+    soup = BeautifulSoup(res.text, "lxml")
+    detail_html = soup.find(class_="markdown")
+    assertHTMLEqual(detail_html.decode_contents(), markdown(revisions[1].content))
+
+
+@pytest.mark.django_db
+def test_edit_page(client: Client):
+    club = baker.make(Club)
+    user = subscriber_user.make()
+    baker.make(Membership, user=user, club=club, role=3)
+    client.force_login(user)
+    url = reverse("club:club_edit_page", kwargs={"club_id": club.id})
+    content = "# foo\nLorem ipsum dolor sit amet"
+
+    res = client.get(url)
+    assert res.status_code == 200
+    res = client.post(url, data={"content": content})
+    assertRedirects(res, reverse("club:club_view", kwargs={"club_id": club.id}))
+    assert club.page.revisions.last().content == content

club/tests/test_sales.py

@@ -1,3 +1,6 @@
+import csv
+import itertools
+
 import pytest
 from django.test import Client
 from django.urls import reverse
@@ -7,16 +10,20 @@ from club.forms import SellingsForm
 from club.models import Club
 from core.models import User
 from counter.baker_recipes import product_recipe, sale_recipe
-from counter.models import Counter, Customer
+from counter.models import Counter, Customer, Product, Selling
 
 
 @pytest.mark.django_db
 def test_sales_page_doesnt_crash(client: Client):
+    """Basic crashtest on club sales view."""
     club = baker.make(Club)
+    product = baker.make(Product, club=club)
     admin = baker.make(User, is_superuser=True)
     client.force_login(admin)
-    response = client.get(reverse("club:club_sellings", kwargs={"club_id": club.id}))
+    url = reverse("club:club_sellings", kwargs={"club_id": club.id})
-    assert response.status_code == 200
+    assert client.get(url).status_code == 200
+    assert client.post(url).status_code == 200
+    assert client.post(url, data={"products": [product.id]}).status_code == 200
 
 
 @pytest.mark.django_db
@@ -36,3 +43,62 @@ def test_sales_form_counter_filter():
     form = SellingsForm(club)
     form_counters = list(form.fields["counters"].queryset)
     assert form_counters == [counters[1], counters[2], counters[0]]
+
+
+@pytest.mark.django_db
+def test_club_sales_csv(client: Client):
+    client.force_login(baker.make(User, is_superuser=True))
+    club = baker.make(Club)
+    counter = baker.make(Counter, club=club)
+    product = product_recipe.make(club=club, counters=[counter], purchase_price=0.5)
+    customers = baker.make(Customer, amount=100, _quantity=2, _bulk_create=True)
+    sales: list[Selling] = sale_recipe.make(
+        club=club,
+        counter=counter,
+        quantity=2,
+        unit_price=1.5,
+        product=iter([product, product, None]),
+        customer=itertools.cycle(customers),
+        _quantity=3,
+    )
+    url = reverse("club:sellings_csv", kwargs={"club_id": club.id})
+    response = client.post(url, data={"counters": [counter.id]})
+    assert response.status_code == 200
+    reader = csv.reader(s.decode() for s in response.streaming_content)
+    data = list(reader)
+    sale_rows = [
+        [
+            str(s.date),
+            str(counter),
+            str(s.seller),
+            s.customer.user.get_display_name(),
+            s.label,
+            "2",
+            "1.50",
+            "3.00",
+            "Compte utilisateur",
+        ]
+        for s in sales[::-1]
+    ]
+    sale_rows[2].extend(["0.50", "1.00"])
+    sale_rows[1].extend(["0.50", "1.00"])
+    sale_rows[0].extend(["", ""])
+    assert data == [
+        ["Quantité", "6"],
+        ["Total", "9"],
+        ["Bénéfice", "1"],
+        [
+            "Date",
+            "Comptoir",
+            "Barman",
+            "Client",
+            "Étiquette",
+            "Quantité",
+            "Prix unitaire",
+            "Total",
+            "Méthode de paiement",
+            "Prix d'achat",
+            "Bénéfice",
+        ],
+        *sale_rows,
+    ]

club/views.py

@@ -22,12 +22,14 @@
 #
 #
 
+from __future__ import annotations
+
 import csv
 import itertools
-from typing import Any
+from typing import TYPE_CHECKING, Any
 
 from django.conf import settings
-from django.contrib.auth.mixins import PermissionRequiredMixin
+from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
 from django.contrib.messages.views import SuccessMessageMixin
 from django.core.exceptions import NON_FIELD_ERRORS, PermissionDenied, ValidationError
 from django.core.paginator import InvalidPage, Paginator
@@ -36,7 +38,7 @@ from django.http import Http404, HttpResponseRedirect, StreamingHttpResponse
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse, reverse_lazy
 from django.utils import timezone
-from django.utils.safestring import SafeString
+from django.utils.functional import cached_property
 from django.utils.timezone import now
 from django.utils.translation import gettext
 from django.utils.translation import gettext_lazy as _
@@ -61,11 +63,14 @@ from com.views import (
     PosterListBaseView,
 )
 from core.auth.mixins import CanEditMixin, PermissionOrClubBoardRequiredMixin
-from core.models import PageRev
+from core.models import Page, PageRev
-from core.views import DetailFormView, PageEditViewBase, UseFragmentsMixin
+from core.views import BasePageEditView, DetailFormView, UseFragmentsMixin
 from core.views.mixins import FragmentMixin, FragmentRenderer, TabedViewMixin
 from counter.models import Selling
 
+if TYPE_CHECKING:
+    from django.utils.safestring import SafeString
+
 
 class ClubTabsMixin(TabedViewMixin):
     def get_tabs_title(self):
@@ -75,6 +80,8 @@ class ClubTabsMixin(TabedViewMixin):
             self.object = self.object.page.club
         elif isinstance(self.object, Poster):
             self.object = self.object.club
+        elif hasattr(self, "club"):
+            self.object = self.club
         return self.object.get_display_name()
 
     def get_list_of_tabs(self):
@@ -202,7 +209,7 @@ class ClubView(ClubTabsMixin, DetailView):
         return kwargs
 
 
-class ClubRevView(ClubView):
+class ClubRevView(LoginRequiredMixin, ClubView):
     """Display a specific page revision."""
 
     def dispatch(self, request, *args, **kwargs):
@@ -216,26 +223,26 @@ class ClubRevView(ClubView):
         return kwargs
 
 
-class ClubPageEditView(ClubTabsMixin, PageEditViewBase):
+class ClubPageEditView(ClubTabsMixin, BasePageEditView):
     template_name = "club/pagerev_edit.jinja"
     current_tab = "page_edit"
 
-    def dispatch(self, request, *args, **kwargs):
+    @cached_property
-        self.club = get_object_or_404(Club, pk=kwargs["club_id"])
+    def club(self):
-        if not self.club.page:
+        return get_object_or_404(Club, pk=self.kwargs["club_id"])
-            raise Http404
-        return super().dispatch(request, *args, **kwargs)
 
-    def get_object(self):
+    @cached_property
-        self.page = self.club.page
+    def page(self) -> Page:
-        return self._get_revision()
+        page = self.club.page
+        page.set_lock(self.request.user)
+        return page
 
     def get_success_url(self, **kwargs):
         return reverse_lazy("club:club_view", kwargs={"club_id": self.club.id})
 
 
 class ClubPageHistView(ClubTabsMixin, PermissionRequiredMixin, DetailView):
-    """Modification hostory of the page."""
+    """Modification history of the page."""
 
     model = Club
     pk_url_kwarg = "club_id"
@@ -399,33 +406,14 @@ class ClubSellingView(ClubTabsMixin, CanEditMixin, DetailFormView):
         kwargs = super().get_context_data(**kwargs)
 
         kwargs["result"] = Selling.objects.none()
-        kwargs["paginated_result"] = kwargs["result"]
         kwargs["total"] = 0
         kwargs["total_quantity"] = 0
         kwargs["benefit"] = 0
 
-        form = self.get_form()
+        form: SellingsForm = self.get_form()
-        if form.is_valid():
+        if form.is_valid() and any(v for v in form.cleaned_data.values()):
-            qs = Selling.objects.filter(club=self.object)
+            filters = form.to_filter_schema()
-            if not len([v for v in form.cleaned_data.values() if v is not None]):
+            qs = filters.filter(Selling.objects.filter(club=self.object))
-                qs = Selling.objects.none()
-            if form.cleaned_data["begin_date"]:
-                qs = qs.filter(date__gte=form.cleaned_data["begin_date"])
-            if form.cleaned_data["end_date"]:
-                qs = qs.filter(date__lte=form.cleaned_data["end_date"])
-
-            if form.cleaned_data["counters"]:
-                qs = qs.filter(counter__in=form.cleaned_data["counters"])
-
-            selected_products = []
-            if form.cleaned_data["products"]:
-                selected_products.extend(form.cleaned_data["products"])
-            if form.cleaned_data["archived_products"]:
-                selected_products.extend(form.cleaned_data["archived_products"])
-
-            if len(selected_products) > 0:
-                qs = qs.filter(product__in=selected_products)
-
             kwargs["total"] = qs.annotate(
                 price=F("quantity") * F("unit_price")
             ).aggregate(total=Sum("price", default=0))["total"]
@@ -472,15 +460,15 @@ class ClubSellingCSVView(ClubSellingView):
             *row,
             selling.label,
             selling.quantity,
+            selling.unit_price,
             selling.quantity * selling.unit_price,
             selling.get_payment_method_display(),
         ]
         if selling.product:
-            row.append(selling.product.selling_price)
             row.append(selling.product.purchase_price)
-            row.append(selling.product.selling_price - selling.product.purchase_price)
+            row.append(selling.unit_price - selling.product.purchase_price)
         else:
-            row = [*row, "", "", ""]
+            row = [*row, "", ""]
         return row
 
     def get(self, request, *args, **kwargs):
@@ -501,9 +489,9 @@ class ClubSellingCSVView(ClubSellingView):
                 gettext("Customer"),
                 gettext("Label"),
                 gettext("Quantity"),
+                gettext("Unit price"),
                 gettext("Total"),
                 gettext("Payment method"),
-                gettext("Selling price"),
                 gettext("Purchase price"),
                 gettext("Benefit"),
             ],

com/views.py

@@ -240,10 +240,11 @@ class NewsListView(TemplateView):
         if not self.request.user.has_perm("core.view_user"):
             return []
         return itertools.groupby(
-            User.objects.filter(
+            User.objects.viewable_by(self.request.user)
+            .filter(
                 date_of_birth__month=localdate().month,
                 date_of_birth__day=localdate().day,
-                is_subscriber_viewable=True,
+                is_viewable=True,
             )
             .filter(role__in=["STUDENT", "FORMER STUDENT"])
             .order_by("-date_of_birth"),

core/admin.py

@@ -74,9 +74,19 @@ class UserBanAdmin(admin.ModelAdmin):
     autocomplete_fields = ("user", "ban_group")
 
 
+class GroupInline(admin.TabularInline):
+    model = Group.permissions.through
+    readonly_fields = ("group",)
+    extra = 0
+
+    def has_add_permission(self, request, obj):
+        return False
+
+
 @admin.register(Permission)
 class PermissionAdmin(admin.ModelAdmin):
     search_fields = ("codename",)
+    inlines = (GroupInline,)
 
 
 @admin.register(Page)

core/api.py

@@ -74,7 +74,7 @@ class MailingListController(ControllerBase):
 class UserController(ControllerBase):
     @route.get("", response=list[UserProfileSchema], permissions=[CanAccessLookup])
     def fetch_profiles(self, pks: Query[set[int]]):
-        return User.objects.filter(pk__in=pks)
+        return User.objects.viewable_by(self.context.request.user).filter(pk__in=pks)
 
     @route.get("/{int:user_id}", response=UserSchema, permissions=[CanView])
     def fetch_user(self, user_id: int):
@@ -90,7 +90,9 @@ class UserController(ControllerBase):
     @paginate(PageNumberPaginationExtra, page_size=20)
     def search_users(self, filters: Query[UserFilterSchema]):
         return filters.filter(
-            User.objects.order_by(F("last_login").desc(nulls_last=True))
+            User.objects.viewable_by(self.context.request.user).order_by(
+                F("last_login").desc(nulls_last=True)
+            )
         )
 
 

core/management/commands/populate.py

@@ -150,7 +150,8 @@ class Command(BaseCommand):
 
         Weekmail().save()
 
-        # Here we add a lot of test datas, that are not necessary for the Sith, but that provide a basic development environment
+        # Here we add a lot of test datas, that are not necessary for the Sith,
+        # but that provide a basic development environment
         self.now = timezone.now().replace(hour=12, second=0)
 
         skia = User.objects.create_user(

core/migrations/0048_alter_user_options.py

@@ -0,0 +1,33 @@
+# Generated by Django 5.2.8 on 2025-11-09 15:20
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [("core", "0047_alter_notification_date_alter_notification_type")]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name="user",
+            options={
+                "permissions": [("view_hidden_user", "Can view hidden users")],
+                "verbose_name": "user",
+                "verbose_name_plural": "users",
+            },
+        ),
+        migrations.RenameField(
+            model_name="user", old_name="is_subscriber_viewable", new_name="is_viewable"
+        ),
+        migrations.AlterField(
+            model_name="user",
+            name="is_viewable",
+            field=models.BooleanField(
+                default=True,
+                verbose_name="Profile visible by subscribers",
+                help_text=(
+                    "If you disable this option, only admin users "
+                    "will be able to see your profile."
+                ),
+            ),
+        ),
+    ]

core/models.py

@@ -54,6 +54,8 @@ from django.utils.translation import gettext_lazy as _
 from phonenumber_field.modelfields import PhoneNumberField
 from PIL import Image, ImageOps
 
+from core.utils import get_last_promo
+
 if TYPE_CHECKING:
     from django.core.files.uploadedfile import UploadedFile
     from pydantic import NonNegativeInt
@@ -86,12 +88,11 @@ class Group(AuthGroup):
 
 
 def validate_promo(value: int) -> None:
-    start_year = settings.SITH_SCHOOL_START_YEAR
+    last_promo = get_last_promo()
-    delta = (localdate() + timedelta(days=180)).year - start_year
+    if not 0 < value <= last_promo:
-    if value < 0 or delta < value:
         raise ValidationError(
             _("%(value)s is not a valid promo (between 0 and %(end)s)"),
-            params={"value": value, "end": delta},
+            params={"value": value, "end": last_promo},
         )
 
 
@@ -136,6 +137,15 @@ class UserQuerySet(models.QuerySet):
             Q(Exists(subscriptions)) | Q(Exists(refills)) | Q(Exists(purchases))
         )
 
+    def viewable_by(self, user: User) -> Self:
+        if user.has_perm("core.view_hidden_user"):
+            return self
+        if user.has_perm("core.view_user"):
+            return self.filter(is_viewable=True)
+        if user.is_anonymous:
+            return self.none()
+        return self.filter(id=user.id)
+
 
 class CustomUserManager(UserManager.from_queryset(UserQuerySet)):
     # see https://docs.djangoproject.com/fr/stable/topics/migrations/#model-managers
@@ -271,13 +281,24 @@ class User(AbstractUser):
     parent_address = models.CharField(
         _("parent address"), max_length=128, blank=True, default=""
     )
-    is_subscriber_viewable = models.BooleanField(
+    is_viewable = models.BooleanField(
-        _("is subscriber viewable"), default=True
+        _("Profile visible by subscribers"),
+        help_text=_(
+            "If you disable this option, only admin users "
+            "will be able to see your profile."
+        ),
+        default=True,
     )
     godfathers = models.ManyToManyField("User", related_name="godchildren", blank=True)
 
     objects = CustomUserManager()
 
+    class Meta(AbstractUser.Meta):
+        abstract = False
+        permissions = [
+            ("view_hidden_user", "Can view hidden users"),
+        ]
+
     def __str__(self):
         return self.get_display_name()
 
@@ -551,8 +572,12 @@ class User(AbstractUser):
     def can_be_edited_by(self, user):
         return user.is_root or user.is_board_member
 
-    def can_be_viewed_by(self, user):
+    def can_be_viewed_by(self, user: User) -> bool:
-        return (user.was_subscribed and self.is_subscriber_viewable) or user.is_root
+        return (
+            user.id == self.id
+            or user.has_perm("core.view_hidden_user")
+            or (user.has_perm("core.view_user") and self.is_viewable)
+        )
 
     def get_mini_item(self):
         return """

core/static/core/footer.scss

@@ -65,7 +65,7 @@ footer.bottom-links {
       flex-wrap: wrap;
       align-items: center;
       background-color: $primary-neutral-dark-color;
-      box-shadow: black 0 8px 15px;
+      box-shadow: $shadow-color 0 0 15px;
 
       a {
         color: $white-color;

core/static/core/header.scss

@@ -11,8 +11,7 @@ $hovered-red-text-color: #ff4d4d;
 .header {
   box-sizing: border-box;
   background-color: $deepblue;
-  box-shadow: black 0 1px 3px 0,
+  box-shadow: 3px 3px 3px 0 #dfdfdf;
-              black 0 4px 8px 3px;
   border-radius: 0;
   width: 100%;
   display: flex;
@@ -100,7 +99,7 @@ $hovered-red-text-color: #ff4d4d;
         border-radius: 0;
         margin: 0;
         box-sizing: border-box;
-        background-color: transparent;
+        background-color: $deepblue;
         width: 45px;
         height: 25px;
         padding: 0;
@@ -332,7 +331,7 @@ $hovered-red-text-color: #ff4d4d;
           padding: 10px;
           z-index: 100;
           border-radius: 10px;
-          @include shadow;
+          box-shadow: 3px 3px 3px 0 #767676;
 
           >ul {
             list-style-type: none;

core/static/core/style.scss

@@ -271,9 +271,8 @@ body {
 
   /*--------------------------------CONTENT------------------------------*/
   #content {
-    padding: 1.5em 2%;
+    padding: 1em 1%;
-    border-radius: 5px;
+    box-shadow: $shadow-color 0 5px 10px;
-    box-shadow: black 0 8px 15px;
     background: $white-color;
     overflow: auto;
   }

core/static/user/user_edit.scss

@@ -7,10 +7,13 @@
 .profile {
   &-visible {
     display: flex;
-    justify-content: center;
+    flex-direction: column;
     align-items: center;
     gap: 5px;
     padding-top: 10px;
+    input[type="checkbox"]+label {
+      max-width: unset;
+    }
   }
 
   &-pictures {
@@ -116,23 +119,19 @@
     display: flex;
     flex-direction: row;
     flex-wrap: wrap;
-    gap: 10px;
+    gap: var(--nf-input-size) 10px;
     justify-content: center;
   }
 
   &-field {
     display: flex;
-    flex-direction: row;
-    align-items: center;
     flex-wrap: wrap;
     justify-content: center;
-    gap: 10px;
     width: 100%;
     max-width: 330px;
     min-width: 300px;
 
     @media (max-width: 750px) {
-      gap: 4px;
       max-width: 100%;
     }
 
@@ -145,22 +144,6 @@
       }
     }
 
-    &-label {
-      text-align: left !important;
-    }
-
-    &-content {
-      > * {
-        box-sizing: border-box;
-        text-align: left !important;
-        margin: 0;
-
-        > * {
-          text-align: left !important;
-        }
-      }
-    }
-
     textarea {
       height: 7rem;
     }

core/templates/core/base.jinja

@@ -44,18 +44,6 @@
 
       {% block additional_css %}{% endblock %}
       {% block additional_js %}{% endblock %}
-      <style>
-        {# background image must be declared here, because the static names are
-           changed during the static collection step,
-           which means we must gather them with the `static` template function #}
-        .header {
-          background-image: url("{{ static("core/img/gala25_background.webp") }}");
-          background-position-y: 80%;  {# There are more stars in this part of the picture #}
-        }
-        body {
-          background-image: url("{{ static("core/img/gala25_background.webp") }}");
-        }
-      </style>
     {% endblock %}
   </head>
 

core/templates/core/base/header.jinja

@@ -1,6 +1,6 @@
 <header class="header">
   <div class="header-logo">
-    <a class="header-logo-picture" href="{{ url('core:index') }}" style="background-image: url('{{ static("core/img/gala25_logo.webp") }}')">
+    <a class="header-logo-picture" href="{{ url('core:index') }}" style="background-image: url('{{ static('core/img/logo_no_text.png') }}')">
       &nbsp;
     </a>
     <a class="header-logo-text" href="{{ url('core:index') }}">

core/templates/core/page.jinja

@@ -1,64 +0,0 @@
-{% extends "core/base.jinja" %}
-
-{% block title %}
-  {% if page %}
-    {{ page.get_display_name() }}
-  {% elif page_list %}
-    {% trans %}Page list{% endtrans %}
-  {% elif new_page %}
-    {% trans %}Create page{% endtrans %}
-  {% else %}
-    {% trans %}Not found{% endtrans %}
-  {% endif %}
-{% endblock %}
-
-{% block metatags %}
-  {% if page %}
-    <meta property="og:url" content="{{ request.build_absolute_uri(page.get_absolute_url()) }}" />
-    <meta property="og:type" content="article" />
-    <meta property="article:section" content="{% trans %}Page{% endtrans %}" />
-    <meta property="og:title" content="{{ page.get_display_name() }}" />
-    <meta property="og:image" content="{{ request.build_absolute_uri(static("core/img/logo_no_text.png")) }}" />
-  {% else %}
-    {{ super() }}
-  {% endif %}
-{% endblock %}
-
-{%- macro print_page_name(page) -%}
-  {%- if page -%}
-    {{ print_page_name(page.parent) }} >
-    <a href="{{ url('core:page', page_name=page.get_full_name()) }}">{{ page.get_display_name() }}</a>
-  {%- endif -%}
-{%- endmacro -%}
-
-{% block content %}
-  {{ print_page_name(page) }}
-  <div class="tool_bar">
-    <div class="tools">
-      {% if page %}
-        {% if page.club %}
-          <a href="{{ url('club:club_view', club_id=page.club.id) }}">{% trans %}Return to club management{% endtrans %}</a>
-        {% else %}
-          <a href="{{ url('core:page', page.get_full_name()) }}">{% trans %}View{% endtrans %}</a>
-        {% endif %}
-        <a href="{{ url('core:page_hist', page_name=page.get_full_name()) }}">{% trans %}History{% endtrans %}</a>
-        {% if can_edit(page, user) %}
-          <a href="{{ url('core:page_edit', page_name=page.get_full_name()) }}">{% trans %}Edit{% endtrans %}</a>
-        {% endif %}
-        {% if can_edit_prop(page, user) and not page.is_club_page %}
-          <a href="{{ url('core:page_prop', page_name=page.get_full_name()) }}">{% trans %}Prop{% endtrans %}</a>
-        {% endif %}
-      {% endif %}
-    </div>
-  </div>
-  <hr>
-
-  {% if page %}
-    {% block page %}
-    {% endblock %}
-  {% else %}
-    <h2>{% trans %}Page does not exist{% endtrans %}</h2>
-    <p><a href="{{ url('core:page_new') }}?page={{ request.resolver_match.kwargs['page_name'] }}">
-      {% trans %}Create it?{% endtrans %}</a></p>
-  {% endif %}
-{% endblock %}

core/templates/core/page/base.jinja

@@ -0,0 +1,44 @@
+{% extends "core/base.jinja" %}
+
+{% block title %}
+  {{ page.get_display_name() }}
+{% endblock %}
+
+{% block metatags %}
+  <meta property="og:url" content="{{ request.build_absolute_uri(page.get_absolute_url()) }}" />
+  <meta property="og:type" content="article" />
+  <meta property="article:section" content="{% trans %}Page{% endtrans %}" />
+  <meta property="og:title" content="{{ page.get_display_name() }}" />
+  <meta property="og:image" content="{{ request.build_absolute_uri(static("core/img/logo_no_text.png")) }}" />
+{% endblock %}
+
+{%- macro print_page_name(page) -%}
+  {%- if page -%}
+    {{ print_page_name(page.parent) }} >
+    <a href="{{ url('core:page', page_name=page.get_full_name()) }}">{{ page.get_display_name() }}</a>
+  {%- endif -%}
+{%- endmacro -%}
+
+{% block content %}
+  {{ print_page_name(page) }}
+  <div class="tool_bar">
+    <div class="tools">
+      {% if page.club %}
+        <a href="{{ url('club:club_view', club_id=page.club.id) }}">{% trans %}Return to club management{% endtrans %}</a>
+      {% else %}
+        <a href="{{ url('core:page', page.get_full_name()) }}">{% trans %}View{% endtrans %}</a>
+      {% endif %}
+      <a href="{{ url('core:page_hist', page_name=page.get_full_name()) }}">{% trans %}History{% endtrans %}</a>
+      {% if can_edit(page, user) %}
+        <a href="{{ url('core:page_edit', page_name=page.get_full_name()) }}">{% trans %}Edit{% endtrans %}</a>
+      {% endif %}
+      {% if can_edit_prop(page, user) and not page.is_club_page %}
+        <a href="{{ url('core:page_prop', page_name=page.get_full_name()) }}">{% trans %}Prop{% endtrans %}</a>
+      {% endif %}
+    </div>
+  </div>
+  <hr>
+
+  {% block page %}
+  {% endblock %}
+{% endblock %}

core/templates/core/page/detail.jinja

@@ -0,0 +1,17 @@
+{% extends "core/page/base.jinja" %}
+
+{% block page %}
+  {% if revision and revision.id != last_revision.id %}
+    <h4>
+      {% trans trimmed rev_id=revision.revision %}
+        This may not be the last update, you are seeing revision {{ rev_id }}!
+      {% endtrans %}
+    </h4>
+  {% endif %}
+  {% set current_revision = revision or last_revision %}
+  <h3>{{ current_revision.title }}</h3>
+  <div class="page_content">{{ current_revision.content|markdown }}</div>
+{% endblock %}
+
+
+

core/templates/core/page/edit.jinja

@@ -0,0 +1,13 @@
+{% extends "core/page/base.jinja" %}
+
+{% block page %}
+  <h2>{% trans %}Edit page{% endtrans %}</h2>
+  <form action="{{ url('core:page_edit', page_name=page.get_full_name()) }}" method="post">
+    {% csrf_token %}
+    {{ form.as_p() }}
+    <p><input type="submit" value="{% trans %}Save{% endtrans %}" /></p>
+  </form>
+{% endblock %}
+
+
+

core/templates/core/page/history.jinja

@@ -1,6 +1,6 @@
-{% extends "core/page.jinja" %}
+{% extends "core/page/base.jinja" %}
 
-{% from "core/macros_pages.jinja" import page_history %}
+{% from "core/page/macros.jinja" import page_history %}
 
 {% block page %}
   <h3>{% trans %}Page history{% endtrans %}</h3>

core/templates/core/page/macros.jinja

@@ -17,12 +17,3 @@
     {%- endfor -%}
   </ul>
 {% endmacro %}
-
-{% macro page_edit_form(page, form, url, token) %}
-  <h2>{% trans %}Edit page{% endtrans %}</h2>
-  <form action="{{ url }}" method="post">
-    <input type="hidden" name="csrfmiddlewaretoken" value="{{ token }}">
-    {{ form.as_p() }}
-    <p><input type="submit" value="{% trans %}Save{% endtrans %}" /></p>
-  </form>
-{% endmacro %}

core/templates/core/page/not_found.jinja

@@ -0,0 +1,12 @@
+{% extends "core/base.jinja" %}
+
+{% block content %}
+  <h2>{% trans %}Page does not exist{% endtrans %}</h2>
+  <p>
+    {# This template is rendered when a PageNotFound error is raised,
+       so the `exception` context variable should always have a page_name attribute #}
+    <a href="{{ url('core:page_new') }}?page={{ exception.page_name }}">
+      {% trans %}Create it?{% endtrans %}
+    </a>
+  </p>
+{% endblock %}

core/templates/core/page/prop.jinja

@@ -1,18 +1,13 @@
-{% extends "core/page.jinja" %}
+{% extends "core/page/base.jinja" %}
 
-{% block content %}
+{% block page %}
-  {% if page %}
-    {{ super() }}
-  {% endif %}
   <h2>{% trans %}Page properties{% endtrans %}</h2>
   <form action="" method="post">
     {% csrf_token %}
     {{ form.as_p() }}
     <p><input type="submit" value="{% trans %}Save{% endtrans %}" /></p>
   </form>
-  {% if page %}
+  <a href="{{ url('core:page_delete', page_id=page.id)}}">{% trans %}Delete{% endtrans %}</a>
-    <a href="{{ url('core:page_delete', page_id=page.id)}}">{% trans %}Delete{% endtrans %}</a>
-  {% endif %}
 {% endblock %}
 
 

core/templates/core/page_detail.jinja

@@ -1,17 +0,0 @@
-{% extends "core/page.jinja" %}
-
-{% block page %}
-  {% if rev %}
-    <h4>{% trans rev_id=rev.revision %}This may not be the last update, you are seeing revision {{ rev_id }}!{% endtrans %}</h4>
-    <h3>{{ rev.title }}</h3>
-    <div class="page_content">{{ rev.content|markdown }}</div>
-  {% else %}
-    {% if page.revisions.last() %}
-      <h3>{{ page.revisions.last().title }}</h3>
-      <div class="page_content">{{ page.revisions.last().content|markdown }}</div>
-    {% endif %}
-  {% endif %}
-{% endblock %}
-
-
-

core/templates/core/pagerev_edit.jinja

@@ -1,9 +0,0 @@
-{% extends "core/page.jinja" %}
-{% from 'core/macros_pages.jinja' import page_edit_form %}
-
-{% block page %}
-  {{ page_edit_form(page, form, url('core:page_edit', page_name=page.get_full_name()), csrf_token) }}
-{% endblock %}
-
-
-

core/templates/core/user_edit.jinja

@@ -116,12 +116,12 @@
     {# All fields #}
     <div class="profile-fields">
       {%- for field in form -%}
-        {%- if field.name in ["quote","profile_pict","avatar_pict","scrub_pict","is_subscriber_viewable","forum_signature"] -%}
+        {%- if field.name in ["quote","profile_pict","avatar_pict","scrub_pict","is_viewable","forum_signature"] -%}
           {%- continue -%}
         {%- endif -%}
 
         <div class="profile-field">
-          <div class="profile-field-label">{{ field.label }}</div>
+          {{ field.label_tag() }}
           <div class="profile-field-content">
             {{ field }}
             {%- if field.errors -%}
@@ -136,7 +136,7 @@
     <div class="profile-fields">
       {%- for field in [form.quote, form.forum_signature] -%}
         <div class="profile-field">
-          <div class="profile-field-label">{{ field.label }}</div>
+          {{ field.label_tag() }}
           <div class="profile-field-content">
             {{ field }}
             {%- if field.errors -%}
@@ -149,8 +149,13 @@
 
     {# Checkboxes #}
     <div class="profile-visible">
-      {{ form.is_subscriber_viewable }}
+      <div class="row">
-      {{ form.is_subscriber_viewable.label }}
+        {{ form.is_viewable }}
+        {{ form.is_viewable.label_tag() }}
+      </div>
+      <span class="helptext">
+        {{ form.is_viewable.help_text }}
+      </span>
     </div>
     <div class="final-actions">
 

core/tests/test_core.py

@@ -23,6 +23,7 @@ from django.contrib.auth.hashers import make_password
 from django.contrib.auth.models import Permission
 from django.core import mail
 from django.core.cache import cache
+from django.core.exceptions import ValidationError
 from django.core.mail import EmailMessage
 from django.test import Client, RequestFactory, TestCase
 from django.urls import reverse
@@ -35,8 +36,8 @@ from pytest_django.asserts import assertInHTML, assertRedirects
 from antispam.models import ToxicDomain
 from club.models import Club, Membership
 from core.markdown import markdown
-from core.models import AnonymousUser, Group, Page, User
+from core.models import AnonymousUser, Group, Page, User, validate_promo
-from core.utils import get_semester_code, get_start_of_semester
+from core.utils import get_last_promo, get_semester_code, get_start_of_semester
 from core.views import AllowFragment
 from counter.models import Customer
 from sith import settings
@@ -318,9 +319,8 @@ class TestPageHandling(TestCase):
     def test_access_page_not_found(self):
         """Should not display a page correctly."""
         response = self.client.get(reverse("core:page", kwargs={"page_name": "swagg"}))
-        assert response.status_code == 200
+        assert response.status_code == 404
-        html = response.text
+        assert '<a href="/page/create/?page=swagg">' in response.text
-        self.assertIn('<a href="/page/create/?page=swagg">', html)
 
     def test_create_page_markdown_safe(self):
         """Should format the markdown and escape html correctly."""
@@ -523,6 +523,21 @@ class TestDateUtils(TestCase):
             assert get_start_of_semester() == autumn_2023
 
 
+@pytest.mark.parametrize(
+    ("current_date", "promo"),
+    [("2020-10-01", 22), ("2025-03-01", 26), ("2000-11-11", 2)],
+)
+def test_get_last_promo(current_date: str, promo: int):
+    with freezegun.freeze_time(current_date):
+        assert get_last_promo() == promo
+
+
+@pytest.mark.parametrize("promo", [0, 24])
+def test_promo_validator(promo: int):
+    with freezegun.freeze_time("2021-10-01"), pytest.raises(ValidationError):
+        validate_promo(promo)
+
+
 def test_allow_fragment_mixin():
     class TestAllowFragmentView(AllowFragment, ContextMixin, View):
         def get(self, *args, **kwargs):

core/tests/test_family.py

@@ -55,7 +55,7 @@ class TestFetchFamilyApi(TestCase):
         assert response.status_code == 403
 
     def test_fetch_family_hidden_user(self):
-        self.main_user.is_subscriber_viewable = False
+        self.main_user.is_viewable = False
         self.main_user.save()
         for user_to_login, error_code in [
             (self.main_user, 200),

core/tests/test_page.py

@@ -1,32 +1,122 @@
+from datetime import timedelta
+
+import freezegun
 import pytest
+from bs4 import BeautifulSoup
 from django.conf import settings
 from django.contrib.auth.models import Permission
 from django.test import Client
 from django.urls import reverse
+from django.utils.timezone import now
 from model_bakery import baker
-from pytest_django.asserts import assertRedirects
+from pytest_django.asserts import assertHTMLEqual, assertRedirects
 
+from club.models import Club
 from core.baker_recipes import board_user, subscriber_user
-from core.models import AnonymousUser, Page, User
+from core.markdown import markdown
-from sith.settings import SITH_GROUP_OLD_SUBSCRIBERS_ID, SITH_GROUP_SUBSCRIBERS_ID
+from core.models import AnonymousUser, Page, PageRev, User
 
 
 @pytest.mark.django_db
-def test_edit_page(client: Client):
+class TestEditPage:
-    user = board_user.make()
+    def test_edit_page(self, client: Client):
+        user = board_user.make()
+        page = baker.prepare(Page)
+        page.save(force_lock=True)
+        page.view_groups.add(user.groups.first())
+        page.edit_groups.add(user.groups.first())
+        client.force_login(user)
+
+        url = reverse("core:page_edit", kwargs={"page_name": page._full_name})
+        res = client.get(url)
+        assert res.status_code == 200
+
+        res = client.post(url, data={"content": "Hello World"})
+        assertRedirects(
+            res, reverse("core:page", kwargs={"page_name": page._full_name})
+        )
+        revision = page.revisions.last()
+        assert revision.content == "Hello World"
+
+    def test_pagerev_reused(self, client):
+        """Test that the previous revision is edited, if same author and small time diff"""
+        user = baker.make(User, is_superuser=True)
+        page = baker.prepare(Page)
+        page.save(force_lock=True)
+        first_rev = baker.make(
+            PageRev, author=user, page=page, date=now(), content="Hello World"
+        )
+        client.force_login(user)
+        url = reverse("core:page_edit", kwargs={"page_name": page._full_name})
+        client.post(url, data={"content": "Hello World!"})
+        assert page.revisions.count() == 1
+        assert page.revisions.last() == first_rev
+        first_rev.refresh_from_db()
+        assert first_rev.author == user
+        assert first_rev.content == "Hello World!"
+
+    def test_pagerev_not_reused(self, client):
+        """Test that a new revision is created if too much time
+        passed since the last one.
+        """
+        user = baker.make(User, is_superuser=True)
+        page = baker.prepare(Page)
+        page.save(force_lock=True)
+        first_rev = baker.make(PageRev, author=user, page=page, date=now())
+        client.force_login(user)
+        url = reverse("core:page_edit", kwargs={"page_name": page._full_name})
+        with freezegun.freeze_time(now() + timedelta(minutes=30)):
+            client.post(url, data={"content": "Hello World"})
+        assert page.revisions.count() == 2
+        assert page.revisions.last() != first_rev
+
+
+@pytest.mark.django_db
+def test_page_revision(client: Client):
+    """Test the GET to request to a specific revision page."""
     page = baker.prepare(Page)
     page.save(force_lock=True)
-    page.view_groups.add(user.groups.first())
+    page.view_groups.add(settings.SITH_GROUP_SUBSCRIBERS_ID)
-    client.force_login(user)
+    revisions = baker.make(
-
+        PageRev, page=page, _quantity=3, content=iter(["foo", "bar", "baz"])
-    url = reverse("core:page_edit", kwargs={"page_name": page._full_name})
+    )
+    client.force_login(subscriber_user.make())
+    url = reverse(
+        "core:page_rev",
+        kwargs={"page_name": page._full_name, "rev": revisions[1].id},
+    )
     res = client.get(url)
     assert res.status_code == 200
+    soup = BeautifulSoup(res.text, "lxml")
+    detail_html = soup.find(class_="markdown")
+    assertHTMLEqual(detail_html.decode_contents(), markdown(revisions[1].content))
 
-    res = client.post(url, data={"content": "Hello World"})
+
-    assertRedirects(res, reverse("core:page", kwargs={"page_name": page._full_name}))
+@pytest.mark.django_db
-    revision = page.revisions.last()
+def test_page_club_redirection(client: Client):
-    assert revision.content == "Hello World"
+    club = baker.make(Club)
+    url = reverse("core:page", kwargs={"page_name": club.page._full_name})
+    res = client.get(url)
+    redirection_url = reverse("club:club_view", kwargs={"club_id": club.id})
+    assertRedirects(res, redirection_url)
+
+
+@pytest.mark.django_db
+def test_page_revision_club_redirection(client: Client):
+    client.force_login(subscriber_user.make())
+    club = baker.make(Club)
+    revisions = baker.make(
+        PageRev, page=club.page, _quantity=3, content=iter(["foo", "bar", "baz"])
+    )
+    url = reverse(
+        "core:page_rev",
+        kwargs={"page_name": club.page._full_name, "rev": revisions[1].id},
+    )
+    res = client.get(url)
+    redirection_url = reverse(
+        "club:club_view_rev", kwargs={"club_id": club.id, "rev_id": revisions[1].id}
+    )
+    assertRedirects(res, redirection_url)
 
 
 @pytest.mark.django_db
@@ -35,9 +125,9 @@ def test_viewable_by():
     Page.objects.all().delete()
     view_groups = [
         [settings.SITH_GROUP_PUBLIC_ID],
-        [settings.SITH_GROUP_PUBLIC_ID, SITH_GROUP_SUBSCRIBERS_ID],
+        [settings.SITH_GROUP_PUBLIC_ID, settings.SITH_GROUP_SUBSCRIBERS_ID],
-        [SITH_GROUP_SUBSCRIBERS_ID],
+        [settings.SITH_GROUP_SUBSCRIBERS_ID],
-        [SITH_GROUP_SUBSCRIBERS_ID, SITH_GROUP_OLD_SUBSCRIBERS_ID],
+        [settings.SITH_GROUP_SUBSCRIBERS_ID, settings.SITH_GROUP_OLD_SUBSCRIBERS_ID],
         [],
     ]
     pages = baker.make(Page, _quantity=len(view_groups), _bulk_create=True)
@@ -56,3 +146,11 @@ def test_viewable_by():
     )
     viewable = Page.objects.viewable_by(root_user).values_list("id", flat=True)
     assert set(viewable) == {p.id for p in pages}
+
+
+@pytest.mark.django_db
+def test_page_list_view(client: Client):
+    baker.make(Page, _quantity=10, _bulk_create=True)
+    client.force_login(subscriber_user.make())
+    res = client.get(reverse("core:page_list"))
+    assert res.status_code == 200

core/tests/test_user.py

@@ -3,6 +3,7 @@ from datetime import timedelta
 import pytest
 from django.conf import settings
 from django.contrib import auth
+from django.contrib.auth.models import Permission
 from django.core.management import call_command
 from django.test import Client, RequestFactory, TestCase
 from django.urls import reverse
@@ -18,7 +19,7 @@ from core.baker_recipes import (
     subscriber_user,
     very_old_subscriber_user,
 )
-from core.models import Group, User
+from core.models import AnonymousUser, Group, User
 from core.views import UserTabsMixin
 from counter.baker_recipes import sale_recipe
 from counter.models import Counter, Customer, Refilling, Selling
@@ -368,3 +369,38 @@ class TestRedirectMe:
 def test_promo_has_logo(promo):
     user = baker.make(User, promo=promo)
     assert user.promo_has_logo()
+
+
+@pytest.mark.django_db
+class TestUserQuerySetViewableBy:
+    @pytest.fixture
+    def users(self) -> list[User]:
+        return [
+            baker.make(User),
+            subscriber_user.make(),
+            subscriber_user.make(is_viewable=False),
+        ]
+
+    def test_admin_user(self, users: list[User]):
+        user = baker.make(
+            User,
+            user_permissions=[Permission.objects.get(codename="view_hidden_user")],
+        )
+        viewable = User.objects.filter(id__in=[u.id for u in users]).viewable_by(user)
+        assert set(viewable) == set(users)
+
+    @pytest.mark.parametrize(
+        "user_factory", [old_subscriber_user.make, subscriber_user.make]
+    )
+    def test_subscriber(self, users: list[User], user_factory):
+        user = user_factory()
+        viewable = User.objects.filter(id__in=[u.id for u in users]).viewable_by(user)
+        assert set(viewable) == {users[0], users[1]}
+
+    @pytest.mark.parametrize(
+        "user_factory", [lambda: baker.make(User), lambda: AnonymousUser()]
+    )
+    def test_not_subscriber(self, users: list[User], user_factory):
+        user = user_factory()
+        viewable = User.objects.filter(id__in=[u.id for u in users]).viewable_by(user)
+        assert not viewable.exists()

core/utils.py

@@ -112,6 +112,16 @@ def get_semester_code(d: date | None = None) -> str:
     return "P" + str(start.year)[-2:]
 
 
+def get_last_promo() -> int:
+    """Get the latest promo at the time the function is called.
+
+    For example, if called in october 2022 return 24,
+    if called in march 2026 return 27, etc.
+    """
+    start_year = settings.SITH_SCHOOL_START_YEAR
+    return (localdate() + timedelta(days=180)).year - start_year
+
+
 def is_image(file: UploadedFile):
     try:
         im = PIL.Image.open(file.file)
@@ -186,7 +196,7 @@ def exif_auto_rotate(image):
 
 def get_client_ip(request: HttpRequest) -> str | None:
     headers = (
-        "X_FORWARDED_FOR",  # Common header for proixes
+        "X_FORWARDED_FOR",  # Common header for proxies
         "FORWARDED",  # Standard header defined by RFC 7239.
         "REMOTE_ADDR",  # Default IP Address (direct connection)
     )

core/views/__init__.py

@@ -21,10 +21,10 @@
 # Place - Suite 330, Boston, MA 02111-1307, USA.
 #
 #
-
 from django.http import (
+    Http404,
+    HttpRequest,
     HttpResponseForbidden,
-    HttpResponseNotFound,
     HttpResponseServerError,
 )
 from django.shortcuts import render
@@ -33,17 +33,20 @@ from django.views.generic.edit import FormView
 from sentry_sdk import last_event_id
 
 from core.views.forms import LoginForm
+from core.views.page import PageNotFound
 
 
-def forbidden(request, exception):
+def forbidden(request: HttpRequest, exception):
     context = {"next": request.path, "form": LoginForm()}
     return HttpResponseForbidden(render(request, "core/403.jinja", context=context))
 
 
-def not_found(request, exception):
+def not_found(request: HttpRequest, exception: Http404):
-    return HttpResponseNotFound(
+    if isinstance(exception, PageNotFound):
-        render(request, "core/404.jinja", context={"exception": exception})
+        template_name = "core/page/not_found.jinja"
-    )
+    else:
+        template_name = "core/404.jinja"
+    return render(request, template_name, context={"exception": exception}, status=404)
 
 
 def internal_servor_error(request):

core/views/forms.py

@@ -20,8 +20,9 @@
 # Place - Suite 330, Boston, MA 02111-1307, USA.
 #
 #
+import difflib
 import re
-from datetime import date, datetime
+from datetime import date, datetime, timedelta
 from io import BytesIO
 
 from captcha.fields import CaptchaField
@@ -42,13 +43,12 @@ from django.forms import (
     Widget,
 )
 from django.utils.timezone import now
-from django.utils.translation import gettext
 from django.utils.translation import gettext_lazy as _
 from phonenumber_field.widgets import RegionalPhoneNumberWidget
 from PIL import Image
 
 from antispam.forms import AntiSpamEmailField
-from core.models import Gift, Group, Page, SithFile, User
+from core.models import Gift, Group, Page, PageRev, SithFile, User
 from core.utils import resize_image
 from core.views.widgets.ajax_select import (
     AutoCompleteSelect,
@@ -56,6 +56,7 @@ from core.views.widgets.ajax_select import (
     AutoCompleteSelectMultipleGroup,
     AutoCompleteSelectUser,
 )
+from core.views.widgets.markdown import MarkdownInput
 
 # Widgets
 
@@ -86,30 +87,6 @@ class NFCTextInput(TextInput):
         return context
 
 
-class SelectUser(TextInput):
-    def render(self, name, value, attrs=None, renderer=None):
-        if attrs:
-            attrs["class"] = "select_user"
-        else:
-            attrs = {"class": "select_user"}
-        output = (
-            '%(content)s<div name="%(name)s" class="choose_user_widget" title="%(title)s"></div>'
-            % {
-                "content": super().render(name, value, attrs, renderer),
-                "title": _("Choose user"),
-                "name": name,
-            }
-        )
-        output += (
-            '<span name="'
-            + name
-            + '" class="choose_user_button">'
-            + gettext("Choose user")
-            + "</span>"
-        )
-        return output
-
-
 # Fields
 
 
@@ -202,7 +179,7 @@ class UserProfileForm(forms.ModelForm):
             "school",
             "promo",
             "forum_signature",
-            "is_subscriber_viewable",
+            "is_viewable",
         ]
         widgets = {
             "date_of_birth": SelectDate,
@@ -211,8 +188,8 @@ class UserProfileForm(forms.ModelForm):
             "quote": forms.Textarea,
         }
 
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args, label_suffix: str = "", **kwargs):
-        super().__init__(*args, **kwargs)
+        super().__init__(*args, label_suffix=label_suffix, **kwargs)
 
         # Image fields are injected here to override the file field provided by the model
         # This would be better if we could have a SithImage sort of model input instead of a generic SithFile
@@ -404,6 +381,55 @@ class PageForm(forms.ModelForm):
         )
 
 
+class PageRevisionForm(forms.ModelForm):
+    """Form to add a new revision to a page.
+
+    Notes:
+        Saving this form won't always result in a new revision.
+        If the previous revision on the same page was made :
+
+        - less than 20 minutes ago
+        - by the same author
+        - with a diff ratio higher than 20%
+
+        then the latter will be edited and the new revision won't be created.
+    """
+
+    TIME_THRESHOLD = timedelta(minutes=20)
+    DIFF_THRESHOLD = 0.2
+
+    class Meta:
+        model = PageRev
+        fields = ["title", "content"]
+        widgets = {"content": MarkdownInput}
+
+    def __init__(
+        self, *args, author: User, page: Page, instance: PageRev | None = None, **kwargs
+    ):
+        super().__init__(*args, instance=instance, **kwargs)
+        self.author = author
+        self.page = page
+        self.initial_content = instance.content if instance else ""
+
+    def diff_ratio(self, new_str: str) -> float:
+        return difflib.SequenceMatcher(
+            None, self.initial_content, new_str
+        ).quick_ratio()
+
+    def save(self, commit=True):  # noqa FBT002
+        revision: PageRev = self.instance
+        if (
+            revision._state.adding
+            or revision.author != self.author
+            or revision.date + self.TIME_THRESHOLD < now()
+            or self.diff_ratio(revision.content) < (1 - self.DIFF_THRESHOLD)
+        ):
+            revision.author = self.author
+            revision.page = self.page
+            revision.id = None  # if id is None, Django will create a new record
+        return super().save(commit=commit)
+
+
 class GiftForm(forms.ModelForm):
     class Meta:
         model = Gift

core/views/page.py

@@ -13,39 +13,39 @@
 #
 #
 
-from django.contrib.auth.mixins import PermissionRequiredMixin
+from django.contrib.auth.mixins import PermissionRequiredMixin, UserPassesTestMixin
 from django.db.models import F, OuterRef, Subquery
 from django.db.models.functions import Coalesce
-
-# This file contains all the views that concern the page model
-from django.forms.models import modelform_factory
 from django.http import Http404
-from django.shortcuts import redirect
+from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse_lazy
+from django.utils.functional import cached_property
 from django.views.generic import DetailView, ListView
 from django.views.generic.edit import CreateView, DeleteView, UpdateView
 
-from core.auth.mixins import (
+from core.auth.mixins import CanEditPropMixin, CanViewMixin
-    CanEditMixin,
+from core.models import Page, PageRev
-    CanEditPropMixin,
+from core.views.forms import PageForm, PagePropForm, PageRevisionForm
-    CanViewMixin,
-)
-from core.models import LockError, Page, PageRev
-from core.views.forms import PageForm, PagePropForm
-from core.views.widgets.markdown import MarkdownInput
 
 
-class CanEditPagePropMixin(CanEditPropMixin):
+class PageNotFound(Http404):
-    def dispatch(self, request, *args, **kwargs):
+    """Http404 Exception, but specifically for when the not found object is a Page."""
-        res = super().dispatch(request, *args, **kwargs)
+
-        if self.object.is_club_page:
+    def __init__(self, page_name: str):
-            raise Http404
+        self.page_name = page_name
-        return res
+
+
+def get_page_or_404(full_name: str) -> Page:
+    """Like Django's get_object_or_404, but for Page, and with a custom 404 exception."""
+    page = Page.objects.filter(_full_name=full_name).first()
+    if not page:
+        raise PageNotFound(full_name)
+    return page
 
 
 class PageListView(ListView):
     model = Page
-    template_name = "core/page_list.jinja"
+    template_name = "core/page/list.jinja"
 
     def get_queryset(self):
         return (
@@ -64,80 +64,57 @@ class PageListView(ListView):
         )
 
 
-class PageView(CanViewMixin, DetailView):
+class BasePageDetailView(CanViewMixin, DetailView):
     model = Page
-    template_name = "core/page_detail.jinja"
-
-    def dispatch(self, request, *args, **kwargs):
-        res = super().dispatch(request, *args, **kwargs)
-        if self.object and self.object.need_club_redirection:
-            return redirect("club:club_view", club_id=self.object.club.id)
-        return res
-
-    def get_object(self):
-        self.page = Page.get_page_by_full_name(self.kwargs["page_name"])
-        return self.page
-
-    def get_context_data(self, **kwargs):
-        context = super().get_context_data(**kwargs)
-        if "page" not in context:
-            context["new_page"] = self.kwargs["page_name"]
-        return context
-
-
-class PageHistView(CanViewMixin, DetailView):
-    model = Page
-    template_name = "core/page_hist.jinja"
-    slug_field = "_full_name"
     slug_url_kwarg = "page_name"
     _cached_object: Page | None = None
 
     def dispatch(self, request, *args, **kwargs):
         page = self.get_object()
         if page.need_club_redirection:
-            return redirect("club:club_hist", club_id=page.club.id)
+            return redirect("club:club_view", club_id=page.club.id)
         return super().dispatch(request, *args, **kwargs)
 
     def get_object(self, *args, **kwargs):
         if not self._cached_object:
-            self._cached_object = super().get_object()
+            full_name = self.kwargs.get(self.slug_url_kwarg)
+            self._cached_object = get_page_or_404(full_name)
         return self._cached_object
 
+    def get_context_data(self, **kwargs):
+        return super().get_context_data(**kwargs) | {
+            "last_revision": self.object.revisions.last()
+        }
 
-class PageRevView(CanViewMixin, DetailView):
+
-    model = Page
+class PageView(BasePageDetailView):
-    template_name = "core/page_detail.jinja"
+    template_name = "core/page/detail.jinja"
+
+
+class PageHistView(BasePageDetailView):
+    template_name = "core/page/history.jinja"
+
+
+class PageRevView(BasePageDetailView):
+    template_name = "core/page/detail.jinja"
 
     def dispatch(self, request, *args, **kwargs):
-        res = super().dispatch(request, *args, **kwargs)
+        page = self.get_object()
-        self.object = self.get_object()
+        if page.need_club_redirection:
-
-        if self.object is None:
-            return redirect("core:page_create", page_name=self.kwargs["page_name"])
-
-        if self.object.need_club_redirection:
             return redirect(
-                "club:club_view_rev", club_id=self.object.club.id, rev_id=kwargs["rev"]
+                "club:club_view_rev", club_id=page.club.id, rev_id=kwargs["rev"]
             )
-        return res
+        self.revision = get_object_or_404(page.revisions, id=self.kwargs["rev"])
-
+        return super().dispatch(request, *args, **kwargs)
-    def get_object(self, *args, **kwargs):
-        self.page = Page.get_page_by_full_name(self.kwargs["page_name"])
-        return self.page
 
     def get_context_data(self, **kwargs):
-        context = super().get_context_data(**kwargs)
+        return super().get_context_data(**kwargs) | {"revision": self.revision}
-        if not self.page:
-            return context | {"new_page": self.kwargs["page_name"]}
-        context["page"] = self.page
-        context["rev"] = self.page.revisions.filter(id=self.kwargs["rev"]).first()
-        return context
 
 
 class PageCreateView(PermissionRequiredMixin, CreateView):
     model = Page
     form_class = PageForm
-    template_name = "core/page_prop.jinja"
+    template_name = "core/create.jinja"
     permission_required = "core.add_page"
 
     def get_initial(self):
@@ -152,88 +129,67 @@ class PageCreateView(PermissionRequiredMixin, CreateView):
         init["name"] = page_name[-1]
         return init
 
-    def get_context_data(self, **kwargs):
-        context = super().get_context_data(**kwargs)
-        context["new_page"] = True
-        return context
-
     def form_valid(self, form):
         form.instance.set_lock(self.request.user)
         ret = super().form_valid(form)
         return ret
 
 
+class CanEditPagePropMixin(CanEditPropMixin):
+    def dispatch(self, request, *args, **kwargs):
+        res = super().dispatch(request, *args, **kwargs)
+        if self.object.is_club_page:
+            raise Http404
+        return res
+
+
 class PagePropView(CanEditPagePropMixin, UpdateView):
     model = Page
     form_class = PagePropForm
-    template_name = "core/page_prop.jinja"
+    template_name = "core/page/prop.jinja"
-    slug_field = "_full_name"
-    slug_url_kwarg = "page_name"
 
     def get_object(self, queryset=None):
-        self.page = super().get_object()
+        self.page = get_page_or_404(full_name=self.kwargs["page_name"])
-        try:
+        self.page.set_lock_recursive(self.request.user)
-            self.page.set_lock_recursive(self.request.user)
-        except LockError as e:
-            raise e
         return self.page
 
 
-class PageEditViewBase(CanEditMixin, UpdateView):
+class BasePageEditView(UserPassesTestMixin, UpdateView):
     model = PageRev
-    form_class = modelform_factory(
+    form_class = PageRevisionForm
-        model=PageRev, fields=["title", "content"], widgets={"content": MarkdownInput}
+    template_name = "core/page/edit.jinja"
-    )
+
-    template_name = "core/pagerev_edit.jinja"
+    def test_func(self):
+        return self.request.user.can_edit(self.page)
+
+    @cached_property
+    def page(self) -> Page:
+        page = get_page_or_404(full_name=self.kwargs["page_name"])
+        page.set_lock(self.request.user)
+        return page
 
     def get_object(self, *args, **kwargs):
-        self.page = Page.get_page_by_full_name(self.kwargs["page_name"])
+        return self.page.revisions.last()
-        return self._get_revision()
-
-    def _get_revision(self):
-        if self.page is not None:
-            # First edit
-            if self.page.revisions.all() is None:
-                rev = PageRev(author=self.request.user)
-                rev.save()
-                self.page.revisions.add(rev)
-            try:
-                self.page.set_lock(self.request.user)
-            except LockError as e:
-                raise e
-            return self.page.revisions.last()
-        return None
 
     def get_context_data(self, **kwargs):
-        context = super().get_context_data(**kwargs)
+        return super().get_context_data(**kwargs) | {"page": self.page}
-        if self.page is not None:
-            context["page"] = self.page
-        else:
-            context["new_page"] = self.kwargs["page_name"]
-        return context
 
-    def form_valid(self, form):
+    def get_form_kwargs(self):
-        # TODO : factor that, but first make some tests
+        return super().get_form_kwargs() | {
-        rev = form.instance
+            "author": self.request.user,
-        new_rev = PageRev(title=rev.title, content=rev.content)
+            "page": self.page,
-        new_rev.author = self.request.user
+        }
-        new_rev.page = self.page
-        form.instance = new_rev
-        return super().form_valid(form)
 
 
-class PageEditView(PageEditViewBase):
+class PageEditView(BasePageEditView):
     def dispatch(self, request, *args, **kwargs):
-        res = super().dispatch(request, *args, **kwargs)
+        if self.page.need_club_redirection:
-        if self.object and self.object.page.need_club_redirection:
+            return redirect("club:club_edit_page", club_id=self.page.club.id)
-            return redirect("club:club_edit_page", club_id=self.object.page.club.id)
+        return super().dispatch(request, *args, **kwargs)
-        return res
 
 
 class PageDeleteView(CanEditPagePropMixin, DeleteView):
     model = Page
     template_name = "core/delete_confirm.jinja"
     pk_url_kwarg = "page_id"
-
+    success_url = reverse_lazy("core:page_list")
-    def get_success_url(self, **kwargs):
-        return reverse_lazy("core:page_list")

core/views/user.py

@@ -103,9 +103,7 @@ def password_root_change(request, user_id):
     """Allows a root user to change someone's password."""
     if not request.user.is_root:
         raise PermissionDenied
-    user = User.objects.filter(id=user_id).first()
+    user = get_object_or_404(User, id=user_id)
-    if not user:
-        raise Http404("User not found")
     if request.method == "POST":
         form = views.SetPasswordForm(user=user, data=request.POST)
         if form.is_valid():

counter/schemas.py

@@ -1,3 +1,4 @@
+from datetime import datetime
 from typing import Annotated, Self
 
 from annotated_types import MinLen
@@ -100,3 +101,10 @@ class ProductFilterSchema(FilterSchema):
     product_type: set[int] | None = Field(None, q="product_type__in")
     club: set[int] | None = Field(None, q="club__in")
     counter: set[int] | None = Field(None, q="counters__in")
+
+
+class SaleFilterSchema(FilterSchema):
+    before: datetime | None = Field(None, q="date__lt")
+    after: datetime | None = Field(None, q="date__gt")
+    counters: set[int] | None = Field(None, q="counter__in")
+    products: set[int] | None = Field(None, q="product__in")

election/templates/election/election_detail.jinja

@@ -141,7 +141,7 @@
                           <label for="{{ input_id }}">
                         {%- endif %}
                         <figure>
-                          {%- if user.is_subscriber_viewable %}
+                          {%- if user.is_viewable %}
                             {% if candidature.user.profile_pict %}
                               <img class="candidate__picture" src="{{ candidature.user.profile_pict.get_download_url() }}" alt="{% trans %}Profile{% endtrans %}">
                             {% else %}

galaxy/models.py

@@ -199,7 +199,7 @@ class Galaxy(models.Model):
         cls, picture_count_threshold: int = DEFAULT_PICTURE_COUNT_THRESHOLD
     ) -> QuerySet[User]:
         return (
-            User.objects.filter(is_subscriber_viewable=True)
+            User.objects.filter(is_viewable=True)
             .exclude(subscriptions=None)
             .annotate(
                 pictures_count=Count("pictures"),

locale/fr/LC_MESSAGES/django.po

@@ -6,7 +6,7 @@
 msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-11-07 14:50+0100\n"
+"POT-Creation-Date: 2025-11-12 21:44+0100\n"
 "PO-Revision-Date: 2016-07-18\n"
 "Last-Translator: Maréchal <thomas.girod@utbm.fr\n"
 "Language-Team: AE info <ae.info@utbm.fr>\n"
@@ -247,8 +247,7 @@ msgstr "description"
 msgid "past member"
 msgstr "ancien membre"
 
-#: club/models.py club/templates/club/club_detail.jinja
+#: club/models.py com/templates/com/mailing_admin.jinja
-#: com/templates/com/mailing_admin.jinja
 #: com/templates/com/news_admin_list.jinja com/templates/com/weekmail.jinja
 #: core/templates/core/user_clubs.jinja
 #: counter/templates/counter/invoices_call.jinja
@@ -471,7 +470,7 @@ msgstr "Méthode de paiement"
 #: core/templates/core/file_detail.jinja
 #: core/templates/core/file_moderation.jinja
 #: core/templates/core/group_detail.jinja core/templates/core/group_list.jinja
-#: core/templates/core/macros.jinja core/templates/core/page_prop.jinja
+#: core/templates/core/macros.jinja core/templates/core/page/prop.jinja
 #: core/templates/core/user_account_detail.jinja
 #: core/templates/core/user_clubs.jinja core/templates/core/user_edit.jinja
 #: counter/templates/counter/fragments/create_student_card.jinja
@@ -547,11 +546,12 @@ msgstr ""
 "Les champs de formulaire suivants sont liées à la description basique d'un "
 "club. Tous les membres du bureau du club peuvent voir et modifier ceux-ci."
 
-#: club/templates/club/edit_club.jinja com/templates/com/news_edit.jinja
+#: club/templates/club/edit_club.jinja club/templates/club/pagerev_edit.jinja
-#: com/templates/com/poster_edit.jinja com/templates/com/screen_edit.jinja
+#: com/templates/com/news_edit.jinja com/templates/com/poster_edit.jinja
-#: com/templates/com/weekmail.jinja core/templates/core/create.jinja
+#: com/templates/com/screen_edit.jinja com/templates/com/weekmail.jinja
-#: core/templates/core/edit.jinja core/templates/core/file_edit.jinja
+#: core/templates/core/create.jinja core/templates/core/edit.jinja
-#: core/templates/core/macros_pages.jinja core/templates/core/page_prop.jinja
+#: core/templates/core/file_edit.jinja core/templates/core/page/edit.jinja
+#: core/templates/core/page/prop.jinja
 #: core/templates/core/user_godfathers.jinja
 #: core/templates/core/user_godfathers_tree.jinja
 #: core/templates/core/user_preferences.jinja
@@ -638,9 +638,9 @@ msgstr "Nouvelle liste de diffusion"
 msgid "Create mailing list"
 msgstr "Créer une liste de diffusion"
 
-#: club/templates/club/page_history.jinja
+#: club/templates/club/pagerev_edit.jinja core/templates/core/page/edit.jinja
-msgid "No page existing for this club"
+msgid "Edit page"
-msgstr "Aucune page n'existe pour ce club"
+msgstr "Éditer la page"
 
 #: club/views.py core/views/user.py sas/templates/sas/picture.jinja
 msgid "Infos"
@@ -654,7 +654,7 @@ msgstr "Membres"
 msgid "Old members"
 msgstr "Anciens membres"
 
-#: club/views.py core/templates/core/page.jinja
+#: club/views.py core/templates/core/page/base.jinja
 msgid "History"
 msgstr "Historique"
 
@@ -666,7 +666,7 @@ msgstr "Outils"
 #: club/views.py com/templates/com/news_admin_list.jinja
 #: com/templates/com/poster_list.jinja com/templates/com/screen_list.jinja
 #: com/templates/com/weekmail.jinja core/templates/core/file.jinja
-#: core/templates/core/group_list.jinja core/templates/core/page.jinja
+#: core/templates/core/group_list.jinja core/templates/core/page/base.jinja
 #: core/templates/core/user_tools.jinja core/views/user.py
 #: counter/templates/counter/cash_summary_list.jinja
 #: counter/templates/counter/counter_list.jinja
@@ -704,8 +704,8 @@ msgid "Benefit"
 msgstr "Bénéfice"
 
 #: club/views.py
-msgid "Selling price"
+msgid "Unit price"
-msgstr "Prix de vente"
+msgstr "Prix unitaire"
 
 #: club/views.py
 msgid "Purchase price"
@@ -980,7 +980,7 @@ msgid "Dates"
 msgstr "Dates"
 
 #: com/templates/com/news_admin_list.jinja core/templates/core/file.jinja
-#: core/templates/core/page.jinja
+#: core/templates/core/page/base.jinja
 msgid "View"
 msgstr "Voir"
 
@@ -1017,6 +1017,10 @@ msgstr "Événements à modérer"
 msgid "Back to news"
 msgstr "Retour aux nouvelles"
 
+#: com/templates/com/news_detail.jinja
+msgid "Share on Facebook"
+msgstr "Partager sur Facebook"
+
 #: com/templates/com/news_detail.jinja
 msgid "Author: "
 msgstr "Auteur : "
@@ -1532,8 +1536,15 @@ msgid "parent address"
 msgstr "adresse des parents"
 
 #: core/models.py
-msgid "is subscriber viewable"
+msgid "Profile visible by subscribers"
-msgstr "profil visible par les cotisants"
+msgstr "Profil visible par les cotisants"
+
+#: core/models.py
+msgid ""
+"If you disable this option, only admin users will be able to see your "
+"profile."
+msgstr ""
+"Si vous désactivez cette option, seuls les admins pourront voir votre profil."
 
 #: core/models.py
 msgid "A user with that username already exists"
@@ -1949,7 +1960,7 @@ msgstr "Liste de fichiers"
 msgid "New file"
 msgstr "Nouveau fichier"
 
-#: core/templates/core/file.jinja core/templates/core/page.jinja
+#: core/templates/core/file.jinja
 msgid "Not found"
 msgstr "Non trouvé"
 
@@ -1957,7 +1968,7 @@ msgstr "Non trouvé"
 msgid "My files"
 msgstr "Mes fichiers"
 
-#: core/templates/core/file.jinja core/templates/core/page.jinja
+#: core/templates/core/file.jinja core/templates/core/page/base.jinja
 msgid "Prop"
 msgstr "Propriétés"
 
@@ -2095,14 +2106,6 @@ msgstr "Mot de passe perdu ?"
 msgid "Create account"
 msgstr "Créer un compte"
 
-#: core/templates/core/macros.jinja
-msgid "Share on Facebook"
-msgstr "Partager sur Facebook"
-
-#: core/templates/core/macros.jinja
-msgid "Tweet"
-msgstr "Tweeter"
-
 #: core/templates/core/macros.jinja
 #, python-format
 msgid "Subscribed until %(subscription_end)s"
@@ -2124,19 +2127,6 @@ msgstr "Tout sélectionner"
 msgid "Unselect All"
 msgstr "Tout désélectionner"
 
-#: core/templates/core/macros_pages.jinja
-#, python-format
-msgid "You're seeing the history of page \"%(page_name)s\""
-msgstr "Vous consultez l'historique de la page \"%(page_name)s\""
-
-#: core/templates/core/macros_pages.jinja
-msgid "last"
-msgstr "actuel"
-
-#: core/templates/core/macros_pages.jinja
-msgid "Edit page"
-msgstr "Éditer la page"
-
 #: core/templates/core/new_user_email.jinja
 msgid ""
 "You're receiving this email because you subscribed to the UTBM student "
@@ -2187,38 +2177,47 @@ msgstr "Nouvelle cotisation à l'Association des Étudiants de l'UTBM"
 msgid "Notification list"
 msgstr "Liste des notifications"
 
-#: core/templates/core/page.jinja core/templates/core/page_list.jinja
+#: core/templates/core/page/base.jinja
-msgid "Page list"
+msgid "Page"
-msgstr "Liste des pages"
+msgstr "Page"
 
-#: core/templates/core/page.jinja
+#: core/templates/core/page/base.jinja
-msgid "Create page"
-msgstr "Créer une page"
-
-#: core/templates/core/page.jinja
 msgid "Return to club management"
 msgstr "Retourner à la gestion du club"
 
-#: core/templates/core/page.jinja
+#: core/templates/core/page/detail.jinja
-msgid "Page does not exist"
-msgstr "La page n'existe pas"
-
-#: core/templates/core/page.jinja
-msgid "Create it?"
-msgstr "La créer ?"
-
-#: core/templates/core/page_detail.jinja
 #, python-format
 msgid "This may not be the last update, you are seeing revision %(rev_id)s!"
 msgstr ""
 "Ceci n'est peut-être pas la dernière version de la page. Vous consultez la "
 "version %(rev_id)s."
 
-#: core/templates/core/page_hist.jinja
+#: core/templates/core/page/history.jinja
 msgid "Page history"
 msgstr "Historique de la page"
 
-#: core/templates/core/page_prop.jinja
+#: core/templates/core/page/list.jinja
+msgid "Page list"
+msgstr "Liste des pages"
+
+#: core/templates/core/page/macros.jinja
+#, python-format
+msgid "You're seeing the history of page \"%(page_name)s\""
+msgstr "Vous consultez l'historique de la page \"%(page_name)s\""
+
+#: core/templates/core/page/macros.jinja
+msgid "last"
+msgstr "actuel"
+
+#: core/templates/core/page/not_found.jinja
+msgid "Page does not exist"
+msgstr "La page n'existe pas"
+
+#: core/templates/core/page/not_found.jinja
+msgid "Create it?"
+msgstr "La créer ?"
+
+#: core/templates/core/page/prop.jinja
 msgid "Page properties"
 msgstr "Propriétés de la page"
 
@@ -2841,10 +2840,6 @@ msgstr "Erreur d'envoi du fichier %(file_name)s : %(msg)s"
 msgid "Apply rights recursively"
 msgstr "Appliquer les droits récursivement"
 
-#: core/views/forms.py
-msgid "Choose user"
-msgstr "Choisir un utilisateur"
-
 #: core/views/forms.py
 msgid "Ensure this timestamp is set in the future"
 msgstr "Assurez-vous que cet horodatage est dans le futur"
@@ -5112,14 +5107,6 @@ msgstr "Membre de Sbarro ou de l'ESTA"
 msgid "One semester Welcome Week"
 msgstr "Un semestre Welcome Week"
 
-#: sith/settings.py
-msgid "One month for free"
-msgstr "Un mois gratuit"
-
-#: sith/settings.py
-msgid "Two months for free"
-msgstr "Deux mois gratuits"
-
 #: sith/settings.py
 msgid "Eurok's volunteer"
 msgstr "Bénévole Eurockéennes"
@@ -5133,8 +5120,10 @@ msgid "One day"
 msgstr "Un jour"
 
 #: sith/settings.py
-msgid "GA staff member (2 weeks)"
+#, fuzzy
-msgstr "Membre staff GA (2 semaines)"
+#| msgid "GA staff member"
+msgid "GA staff member"
+msgstr "Membre staff GA"
 
 #: sith/settings.py
 msgid "One semester (-20%)"

matmat/views.py

@@ -105,7 +105,7 @@ class SearchFormListView(FormerSubscriberMixin, SingleObjectMixin, ListView):
         self.can_see_hidden = True
         if not (request.user.is_board_member or request.user.is_root):
             self.can_see_hidden = False
-            self.init_query = self.init_query.exclude(is_subscriber_viewable=False)
+            self.init_query = self.init_query.filter(is_viewable=True)
 
         return super().dispatch(request, *args, **kwargs)
 
@@ -130,7 +130,7 @@ class SearchFormListView(FormerSubscriberMixin, SingleObjectMixin, ListView):
                 else:
                     q = []
                 if not self.can_see_hidden and len(q) > 0:
-                    q = [user for user in q if user.is_subscriber_viewable]
+                    q = [user for user in q if user.is_viewable]
             else:
                 search_dict = {}
                 for key, value in self.valid_form.items():

sas/api.py

@@ -136,11 +136,14 @@ class PicturesController(ControllerBase):
         "/{picture_id}/identified",
         permissions=[CanView],
         response=list[IdentifiedUserSchema],
+        url_name="picture_identifications",
     )
     def fetch_identifications(self, picture_id: int):
         """Fetch the users that have been identified on the given picture."""
         picture = self.get_object_or_exception(Picture, pk=picture_id)
-        return picture.people.select_related("user")
+        return picture.people.viewable_by(self.context.request.user).select_related(
+            "user"
+        )
 
     @route.put("/{picture_id}/identified", permissions=[CanView])
     def identify_users(self, picture_id: NonNegativeInt, users: set[NonNegativeInt]):

sas/models.py

@@ -265,6 +265,15 @@ def sas_notification_callback(notif: Notification):
     notif.param = str(count)
 
 
+class PeoplePictureRelationQuerySet(models.QuerySet):
+    def viewable_by(self, user: User) -> Self:
+        if user.is_root or user.is_in_group(pk=settings.SITH_GROUP_SAS_ADMIN_ID):
+            return self
+        if user.was_subscribed:
+            return self.filter(Q(user_id=user.id) | Q(user__is_viewable=True))
+        return self.filter(user_id=user.id)
+
+
 class PeoplePictureRelation(models.Model):
     """The PeoplePictureRelation class makes the connection between User and Picture."""
 
@@ -281,6 +290,8 @@ class PeoplePictureRelation(models.Model):
         on_delete=models.CASCADE,
     )
 
+    objects = PeoplePictureRelationQuerySet.as_manager()
+
     class Meta:
         unique_together = ["user", "picture"]
 

sas/tests/test_api.py

@@ -186,6 +186,29 @@ class TestPictureRelation(TestSas):
         assert res.status_code == 404
         assert PeoplePictureRelation.objects.count() == relation_count
 
+    def test_fetch_relations_including_hidden_users(self):
+        """Test that normal subscribers users cannot see hidden profiles"""
+        picture = self.album_a.children_pictures.last()
+        self.user_a.is_viewable = False
+        self.user_a.save()
+        url = reverse("api:picture_identifications", kwargs={"picture_id": picture.id})
+
+        # a normal subscriber user shouldn't see user_a as identified
+        self.client.force_login(subscriber_user.make())
+        response = self.client.get(url)
+        data = {user["user"]["id"] for user in response.json()}
+        assert data == {self.user_b.id, self.user_c.id}
+
+        # an admin should see everyone
+        self.client.force_login(
+            baker.make(
+                User, groups=[Group.objects.get(id=settings.SITH_GROUP_SAS_ADMIN_ID)]
+            )
+        )
+        response = self.client.get(url)
+        data = {user["user"]["id"] for user in response.json()}
+        assert data == {self.user_a.id, self.user_b.id, self.user_c.id}
+
 
 class TestPictureModeration(TestSas):
     @classmethod

sas/tests/test_model.py

@@ -1,10 +1,11 @@
+import pytest
 from django.test import TestCase
 from model_bakery import baker
 
 from core.baker_recipes import old_subscriber_user, subscriber_user
 from core.models import User
 from sas.baker_recipes import picture_recipe
-from sas.models import Picture
+from sas.models import PeoplePictureRelation, Picture
 
 
 class TestPictureQuerySet(TestCase):
@@ -44,3 +45,25 @@ class TestPictureQuerySet(TestCase):
         user.pictures.create(picture=self.pictures[1])  # moderated
         pictures = list(Picture.objects.viewable_by(user))
         assert pictures == [self.pictures[1]]
+
+
+@pytest.mark.django_db
+def test_identifications_viewable_by_user():
+    picture = baker.make(Picture)
+    identifications = baker.make(
+        PeoplePictureRelation, picture=picture, _quantity=10, _bulk_create=True
+    )
+    identifications[0].user.is_viewable = False
+    identifications[0].user.save()
+
+    assert (
+        list(picture.people.viewable_by(old_subscriber_user.make()))
+        == identifications[1:]
+    )
+    assert (
+        list(picture.people.viewable_by(baker.make(User, is_superuser=True)))
+        == identifications
+    )
+    assert list(picture.people.viewable_by(identifications[1].user)) == [
+        identifications[1]
+    ]

subscription/forms.py

@@ -7,6 +7,7 @@ from django.core.exceptions import ValidationError
 from django.utils.translation import gettext_lazy as _
 
 from core.models import User
+from core.utils import get_last_promo
 from core.views.forms import SelectDate, SelectDateTime
 from core.views.widgets.ajax_select import AutoCompleteSelectUser
 from subscription.models import Subscription
@@ -125,8 +126,17 @@ class SubscriptionNewUserForm(SubscriptionForm):
             "deux-semestres",
             "cursus-tronc-commun",
             "cursus-branche",
+            "cursus-alternant",
         ]:
             member.role = "STUDENT"
+            member.school = "UTBM"
+        if self.cleaned_data.get("subscription_type") == "cursus-tronc-commun":
+            member.promo = get_last_promo()
+        if self.cleaned_data.get("subscription_type") in [
+            "cursus-branche",
+            "cursus-alternant",
+        ]:
+            member.promo = get_last_promo() - 2
         member.generate_username()
         member.set_password(secrets.token_urlsafe(nbytes=10))
         self.instance.member = member